Field Level Security

Could someone point me in a direction on how to apply field level
security to my Rails app? Basically I have an update action on my
controller, but based on the permissions of the person logged in, I
want to control what fields they can update. Of course the model
object should enforce this security as well as disabling the controls
on the view if they don't have the permissions to edit it.

I have been through the Simple Access Control Example (http:// which is
good for applying permissions for whole actions, but I really need to
go more granular sometimes.

Brian R

You might want to take a look at Bruce Perens' ModelSecurity for some ideas.

Hobo might also have something along these lines, but I haven't checked it out yet.

Michael Glaesemann
grzm seespotcode net